Exemplo n.º 1
 def test_login_bad(self):
     """Expect login to fail when the password differs from the registered one.

     Two accounts are registered; each login attempt uses the registered
     password with one extra character appended.
     """
     attempts = (
         ('Tomer123', '12345ABCDE', '12345ABCDE1'),
         ('KingT678', '12345678ABCabc', '12345678ABCabcd'),
     )
     for name, registered_pw, wrong_pw in attempts:
         register(RegisteredUser(name, registered_pw))
         outcome = login(RegisteredUser(name, wrong_pw))
         self.assertFalse(returnStringToBoolean(outcome))
Exemplo n.º 2
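def edit_password(request):
    """Change the logged-in user's password after re-checking the current one.

    Handles POST only. Reads ``current_password`` and ``new_password`` from the
    form and the session token from the ``login_hash`` cookie.

    Returns:
        An HttpResponse carrying ``LoggerLogic.MESSAGE_SQL_INJECTION`` when
        either field is flagged, the result of ``UsersLogic.edit_password``
        when the current password is accepted, or the 'not logged in' failure
        text otherwise. Non-POST requests fall through and return None.
    """
    if request.method == 'POST':
        current_password = request.POST.get('current_password')
        new_password = request.POST.get('new_password')

        event = "EDIT PASSWORD"
        # Combine the verdicts for both fields. Each call used to overwrite the
        # flag, so only new_password could trigger the rejection. A list (not a
        # generator) keeps identify_sql_injection running on every field.
        # NOTE(review): pattern matching is a logging/detection aid; confirm the
        # data layer uses bound parameters for these values.
        verdicts = [
            LoggerLogic.identify_sql_injection(value, event)
            for value in (current_password, new_password)
        ]
        if any(verdicts):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)

            # An unknown or stale token maps to no user; treat it as logged out
            # instead of attempting a login for username None.
            if username is not None:
                result = UsersLogic.login(
                    RegisteredUser(username, current_password))
                # UsersLogic.login appears to return a status string (the login
                # view compares result[:7] with 'SUCCESS'). A 'FAILED...' string
                # is truthy, so a plain truthiness test would accept a wrong
                # current password. Require an explicit success result.
                verified = result is True or (
                    isinstance(result, str) and result[:7] == 'SUCCESS')
                if verified:
                    return HttpResponse(
                        UsersLogic.edit_password(
                            RegisteredUser(username, new_password)))

        return HttpResponse('FAILED: You are not logged in.')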
Exemplo n.º 3
    def test_policies_torture(self):
        """Pay for a cart with shop, identity, category and item policies registered.

        The test expects ``pay_all`` to report failure.
        """
        buyer, seller = 'ShaharBenS', 'ShaharBenS2'
        policy_admin = 'Ultimate_ShaharShahar'

        UsersLogic.register(RegisteredUser(buyer, "SsS0897SsS"))
        UsersLogic.update_details(buyer, 'AFG', 20, 'Male')

        UsersLogic.register(RegisteredUser(seller, "SsS0897SsS"))
        for shop_name in ('eBay', 'Amazon'):
            ShopLogic.create_shop(Shop(shop_name, "Active"), seller)
        ebay_apple = Item(1, 'eBay', 'apple', 'vegas', 'good', 10, 500,
                          'regular', None, 0, 0, 0)
        amazon_apple = Item(2, 'Amazon', 'apple', 'fruits', 'good', 10, 500,
                            'regular', None, 0, 0, 0)
        for stocked in (ebay_apple, amazon_apple):
            ItemsLogic.add_item_to_shop(stocked, seller)

        add_policy = ShoppingPolicyLogic
        add_policy.add_shopping_policy_on_shop(
            seller, 'eBay', "age = ''20''", "AL", 3)
        add_policy.add_shopping_policy_on_shop(
            seller, 'Amazon', "age > ''15''", "UT", 5)
        add_policy.add_shopping_policy_on_identity(
            policy_admin, "sex = ''Male''", "AL", 9)
        add_policy.add_shopping_policy_on_category(
            policy_admin, "vegas", "state = ''AFG''", "UT", 5)
        add_policy.add_shopping_policy_on_items(
            policy_admin, "apple", "state != ''AFG''", "E", 2)

        # Seed a logged-in session directly in the Consumer maps rather than
        # going through the login view.
        session_key = hashlib.md5(buyer.encode()).hexdigest()
        Consumer.loggedInUsers[session_key] = buyer
        Consumer.loggedInUsersShoppingCart[session_key] = []

        first_entry = ShoppingCartItem(buyer, 2, 3, None)
        UserShoppingCartLogic.add_item_shopping_cart(session_key, first_entry)
        second_entry = ShoppingCartItem(buyer, 1, 7, None)
        UserShoppingCartLogic.add_item_shopping_cart(session_key, second_entry)
        outcome = UserShoppingCartLogic.pay_all(session_key)
        self.assertFalse(StoB(outcome))
Exemplo n.º 4
    def test_permissions(self):
        """Add, edit and remove a shop item as a store manager.

        The manager is created with all eight trailing StoreManager arguments
        set to 1, and every operation is expected to succeed.
        """
        owner, manager = 'ShaharShahar', 'TomerTomerLev'
        UsersLogic.register(RegisteredUser(owner, '1212345678'))
        UsersLogic.register(RegisteredUser(manager, '65412321'))
        my_shop = Shop('myShop', 'Active')
        ShopLogic.create_shop(my_shop, owner)
        UsersLogic.add_manager(
            owner,
            StoreManager(manager, 'myShop', 1, 1, 1, 1, 1, 1, 1, 1))
        new_item = Item(None, 'myShop', 'doll', 'toys', 'toys:kids', 20, 300,
                        'regular', None, 0, 0, 0)
        ItemsLogic.add_item_to_shop(new_item, manager)

        stored = Items.get_item(1)
        self.assertEqual(stored.shop_name, 'myShop')
        self.assertEqual(stored.price, 20)
        self.assertEqual(stored.quantity, 300)

        # Each edit is made by the manager and must report success.
        edits = (('price', 40), ('name', 'doll_new'), ('quantity', 40))
        for field, value in edits:
            outcome = ItemsLogic.edit_shop_item(manager, 1, field, value)
            self.assertTrue(outcome)

        stored = Items.get_item(1)
        self.assertEqual(stored.name, 'doll_new')
        self.assertEqual(stored.quantity, 40)
        self.assertEqual(stored.keyWords, 'toys:kids')

        outcome = ItemsLogic.remove_item_from_shop(1, manager)
        self.assertTrue(outcome)
Exemplo n.º 5
 def setUp(self):
     """Initialise the database, then create an owner, a shop and a store manager."""
     init_database('db.sqlite3')
     owner, manager = 'YoniYoni', 'StoreManager1'
     for account in (owner, manager):
         register(RegisteredUser(account, '1234567878'))
     my_shop = Shop('My Shop', 'Active')
     ShopLogic.create_shop(my_shop, owner)
     manager_record = StoreManager(manager, 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1)
     UsersLogic.add_manager(owner, manager_record)
Exemplo n.º 6
    def test_supply_system(self):
        """Run ``pay_all`` against the proxy supply system, then the real one.

        With the proxy installed the result must be falsy; with the real
        supply system installed the result must be truthy.
        """
        buyer, seller = 'ShaharBenS', 'ShaharBenS2'
        UsersLogic.register(RegisteredUser(buyer, "SsS0897SsS"))
        UsersLogic.update_details(buyer, 'AFG', 20, 'Male')

        UsersLogic.register(RegisteredUser(seller, "SsS0897SsS"))
        for shop_name in ('eBay', 'Amazon'):
            ShopLogic.create_shop(Shop(shop_name, "Active"), seller)
        ebay_apple = Item(1, 'eBay', 'apple', 'vegas', 'good', 10, 500,
                          'regular', None, 0, 0, 0)
        amazon_apple = Item(2, 'Amazon', 'apple', 'fruits', 'good', 10, 500,
                            'regular', None, 0, 0, 0)
        for stocked in (ebay_apple, amazon_apple):
            ItemsLogic.add_item_to_shop(stocked, seller)

        # Seed a logged-in session directly in the Consumer maps.
        session_key = hashlib.md5(buyer.encode()).hexdigest()
        Consumer.loggedInUsers[session_key] = buyer
        Consumer.loggedInUsersShoppingCart[session_key] = []

        first_entry = ShoppingCartItem(buyer, 2, 3, None)
        UserShoppingCartLogic.add_item_shopping_cart(session_key, first_entry)
        second_entry = ShoppingCartItem(buyer, 1, 7, None)
        UserShoppingCartLogic.add_item_shopping_cart(session_key, second_entry)

        ExternalSystems.supply = ProxySupplySystem.ProxySupplySystem()
        outcome = UserShoppingCartLogic.pay_all(session_key)
        # Any non-list result counts as failure; a list must be empty to pass.
        self.assertFalse(outcome if isinstance(outcome, list) else False)

        ExternalSystems.supply = SupplySystem.SupplySystem()
        outcome = UserShoppingCartLogic.pay_all(session_key)
        # NOTE(review): a non-list result is asserted as-is, so a non-empty
        # failure string would also pass here - confirm that is intended.
        self.assertTrue(True if isinstance(outcome, list) else outcome)
Exemplo n.º 7
 def test_edit_profile(self):
     """Change a registered user's password and check the username is unchanged."""
     account = 'TomerTomerLev'
     register(RegisteredUser(account, 'TomerTomer6969'))
     before = get_user(account)
     outcome = edit_password(RegisteredUser(before.username, 'newpass1234'))
     self.assertTrue(returnStringToBoolean(outcome))
     # NOTE(review): only the username is checked; the stored password is not
     # verified by this test.
     after = get_user(account)
     self.assertEqual(after.username, 'TomerTomerLev')
Exemplo n.º 8
 def test_bad_remover_remove_user(self):
     """Expect ``remove_user`` to fail when the remover is an ordinary registered user."""
     register(RegisteredUser('YoniYoni', '12112212'))
     target = get_user('YoniYoni')
     self.assertEqual(target.username, 'YoniYoni')

     # The remover is only registered; it is never added as a system manager.
     register(RegisteredUser('YoniYonion', '123123123'))
     plain_user = get_user('YoniYonion')
     outcome = remove_user(plain_user.username, target)
     self.assertFalse(returnStringToBoolean(outcome))
Exemplo n.º 9
 def test_bad_sys_man_close_shop_permanently(self):
     """Expect a permanent shop close to fail when requested by a non-manager user."""
     for account in ('YoniYoni', 'ToniToni'):
         register(RegisteredUser(account, '12121122'))
     requester = get_user('YoniYoni')
     shop_owner = get_user('ToniToni')
     ShopLogic.create_shop(Shop('My Shop', 'Active'), shop_owner.username)
     # The requester was never added as a system manager.
     outcome = close_shop_permanently(requester.username, 'My Shop')
     self.assertFalse(outcome)
Exemplo n.º 10
 def test_send_message_and_get_messages_of_users(self):
     """Exchange one message in each direction and check each user's first message."""
     tomer, shahar = 'TomerTomer', 'ShaharShahar'
     for account in (tomer, shahar):
         UsersLogic.register(RegisteredUser(account, '1234567878'))
     MessagingLogic.send_message(Message(1, tomer, shahar, 'Hello 1'))
     MessagingLogic.send_message(Message(2, shahar, tomer, 'Hello 2'))
     tomer_inbox = MessagingLogic.get_all_messages(tomer)
     shahar_inbox = MessagingLogic.get_all_messages(shahar)
     self.assertTrue(tomer_inbox[0].content == 'Hello 2')
     self.assertTrue(shahar_inbox[0].content == 'Hello 1')
Exemplo n.º 11
    def setUp(self):
        """Initialise the database with a buyer, a seller, one shop and one item."""
        init_database('db.sqlite3')
        buyer, seller = 'ShaharBenS', 'ShaharBenS2'
        UsersLogic.register(RegisteredUser(buyer, "SsS0897SsS"))
        UsersLogic.update_details(buyer, 'AFG', 20, 'Male')

        UsersLogic.register(RegisteredUser(seller, "SsS0897SsS"))
        ShopLogic.create_shop(Shop('eBay', "Active"), seller)
        banana = Item(1, 'eBay', 'banana', 'vegas', 'good', 10, 500,
                      'regular', None, 0, 0, 0)
        ItemsLogic.add_item_to_shop(banana, seller)
Exemplo n.º 12
 def test_bad_no_items_get_all_purchased_items(self):
     """Expect no purchased items for a system manager when nothing was purchased."""
     for account in ('ToniToniToniToni', 'NoniNoni'):
         register(RegisteredUser(account, '12121212'))
     admin = get_user('ToniToniToniToni')
     add_system_manager(SystemManager(admin.username, admin.password))
     banana = Item(1, 'My Shop', 'banana', 'vegas', 'good', 10, 500,
                   'regular', None, 0, 0, 0)
     add_item_to_shop(banana)
     # An item exists but no purchase is recorded.
     purchased = get_all_purchased_items('ToniToniToniToni')
     self.assertFalse(len(purchased) > 0)
Exemplo n.º 13
 def test_close_shop_permanently(self):
     """Expect a permanent shop close to succeed when requested by a system manager."""
     register(RegisteredUser('YoniYoni', '12121212'))
     register(RegisteredUser('ToniToniToniToni', '12112212'))
     admin = get_user('YoniYoni')
     shop_owner = get_user('ToniToniToniToni')
     my_shop = Shop('My Shop', 'Active')
     ShopLogic.create_shop(my_shop, shop_owner.username)
     # Promote the requester before attempting the close.
     add_system_manager(SystemManager(admin.username, admin.password))
     outcome = close_shop_permanently(admin.username, my_shop.name)
     self.assertTrue(outcome)
Exemplo n.º 14
 def test_bad_date(self):
     """Expect no lottery to be listed after adding one dated '2016-12-26 17:38'."""
     for account in ('ToniToniToniToni', 'NoniNoni'):
         register(RegisteredUser(account, '12121212'))
     admin = get_user('ToniToniToniToni')
     get_user('NoniNoni')  # looked up as in the original; the result is unused
     add_system_manager(SystemManager(admin.username, admin.password))
     prize = Item(1, 'My Shop', 'banana', 'vegas', 'good', 10, 500,
                  'prize', None, 0, 0, 0)
     ticket = Item(1, 'My Shop', 'banana', 'vegas', 'good', 10, 500,
                   'ticket', None, 0, 0, 0)
     add_lottery_and_items(prize, ticket, 500, '2016-12-26 17:38', 'YoniYoni')
     lotteries = get_lotteries()
     self.assertTrue(len(lotteries) == 0)
Exemplo n.º 15
 def test_bad_sys_man_get_all_purchased_items(self):
     """Expect a falsy purchased-items result for a user who is not a system manager."""
     for account in ('ToniToniToniToni', 'NoniNoni'):
         register(RegisteredUser(account, '12121212'))
     buyer = get_user('NoniNoni')
     banana = Item(1, 'My Shop', 'banana', 'vegas', 'good', 10, 500,
                   'regular', None, 0, 0, 0)
     add_item_to_shop(banana)
     receipt_id = add_purchase_and_return_id(datetime.now(), buyer.username, 0)
     add_purchased_item(receipt_id, banana.id, 7, banana.price)
     # A purchase exists, but the requester was never added as a system manager.
     listing = get_all_purchased_items('ToniToniToniToni')
     self.assertFalse(listing)
Exemplo n.º 16
    def test_get_all_logging(self):
        """Record two login logs and check they come back with the later one first."""
        accounts = ("user1user1", "user2user2")
        for account in accounts:
            UsersLogic.register(RegisteredUser(account, "13245678"))
        for account in accounts:
            LoggerLogic.add_login_log(account)

        entries = Logger.get_all_login_logs()
        self.assertTrue(len(entries) == 2)
        # The log added second is expected at index 0.
        self.assertEqual(entries[1].username, "user1user1")
        self.assertEqual(entries[0].username, "user2user2")
Exemplo n.º 17
 def test_add_invisible_discount_bad(self):
     """Expect ``add_invisible_discount`` to reject a discount built with -1."""
     owner, manager = 'YoniYoni', 'StoreManager1'
     for account in (owner, manager):
         register(RegisteredUser(account, '1234567878'))
     my_shop = Shop('My Shop', 'Active')
     ShopLogic.create_shop(my_shop, owner)
     manager_record = StoreManager(manager, 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1)
     UsersLogic.add_manager(owner, manager_record)
     milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
                 None, 0, 0, 0)
     ItemsLogic.add_item_to_shop(milk, manager)
     bad_discount = InvisibleDiscount('ABCDEFGHIJKLMNO', milk.id, my_shop.name,
                                      -1, '2018-12-01', '2019-12-01')
     outcome = add_invisible_discount(bad_discount, owner)
     self.assertFalse(outcome)
Exemplo n.º 18
 def test_get_all_purchased_items(self):
     """Expect a system manager to see at least one purchased item after a purchase."""
     for account in ('ToniToniToniToni', 'NoniNoni'):
         register(RegisteredUser(account, '12121212'))
     admin = get_user('ToniToniToniToni')
     buyer = get_user('NoniNoni')
     add_system_manager(SystemManager(admin.username, admin.password))
     banana = Item(1, 'My Shop', 'banana', 'vegas', 'good', 10, 500,
                   'regular', None, 0, 0, 0)
     add_item_to_shop(banana)
     receipt_id = add_purchase_and_return_id(datetime.now(), buyer.username, 0)
     add_purchased_item(receipt_id, banana.id, 50, banana.price)
     purchased = get_all_purchased_items('ToniToniToniToni')
     self.assertTrue(len(purchased) > 0)
Exemplo n.º 19
 def test_add_store_manager(self):
     """Add a store manager and check the stored record's permissions and identity."""
     owner, manager = 'ShaharShahar', 'TomerTomerLev'
     UsersLogic.register(RegisteredUser(owner, '12345126'))
     UsersLogic.register(RegisteredUser(manager, '65412321'))
     my_shop = Shop('myShop', 'Active')
     ShopLogic.create_shop(my_shop, owner)
     manager_record = StoreManager(manager, 'myShop', 1, 1, 1, 1, 1, 1, 1, 1)
     UsersLogic.add_manager(owner, manager_record)

     stored = StoreManagers.get_store_manager(manager, 'myShop')
     # The add, remove and edit item permissions must all be positive.
     self.assertTrue(stored.permission_add_item > 0)
     self.assertTrue(stored.permission_remove_item > 0)
     self.assertTrue(stored.permission_edit_item > 0)
     self.assertEqual(stored.store_name, 'myShop')
     self.assertEqual(stored.username, 'TomerTomerLev')
Exemplo n.º 20
 def test_bad_no_get_all_premss_send_message_and_get_messages_of_shops(self):
     """Expect falsy shop message listings for managers whose fifth flag is 0."""
     first, second = 'TomerTomer1', 'TomerTomer2'
     register(RegisteredUser(first, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop1', 'Active'), first)
     register(RegisteredUser(second, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop2', 'Active'), second)

     # Each owner makes the other a manager of their shop, with the fifth of
     # the eight trailing StoreManager arguments set to 0.
     UsersLogic.add_manager(
         first, StoreManager(second, 'My Shop1', 1, 1, 1, 1, 0, 1, 1, 1))
     UsersLogic.add_manager(
         second, StoreManager(first, 'My Shop2', 1, 1, 1, 1, 0, 1, 1, 1))

     MessagingLogic.send_message_from_shop(
         second, Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
     MessagingLogic.send_message_from_shop(
         first, Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))

     shop1_listing = MessagingLogic.get_all_shop_messages(second, 'My Shop1')
     shop2_listing = MessagingLogic.get_all_shop_messages(first, 'My Shop2')
     self.assertFalse(shop1_listing)
     self.assertFalse(shop2_listing)
Exemplo n.º 21
 def test_bad_no_permssion_send_message_and_get_messages_of_shops(self):
     """Expect the permissions failure text when managers whose fourth flag is 0 send shop messages."""
     first, second = 'TomerTomer1', 'TomerTomer2'
     denied = "FAILED: You don't have the permissions"

     register(RegisteredUser(first, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop1', 'Active'), first)
     register(RegisteredUser(second, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop2', 'Active'), second)

     # Each owner makes the other a manager of their shop, with the fourth of
     # the eight trailing StoreManager arguments set to 0.
     UsersLogic.add_manager(
         first, StoreManager(second, 'My Shop1', 1, 1, 1, 0, 1, 1, 1, 1))
     UsersLogic.add_manager(
         second, StoreManager(first, 'My Shop2', 1, 1, 1, 0, 1, 1, 1, 1))

     reply = MessagingLogic.send_message_from_shop(
         second, Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
     self.assertEqual(reply, denied)
     reply = MessagingLogic.send_message_from_shop(
         first, Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))
     self.assertEqual(reply, denied)
Exemplo n.º 22
    def test_add_bad_user(self):
        """Expect registration to fail for each invalid username/password pair."""
        rejected_credentials = (
            ('ShaharShahar', '1212'),
            ('Tomer!', '12121212'),
            ('Tomer@%', '12121212'),
            ('sa', '12361123'),
            ('', 'asdsada'),
        )
        for name, secret in rejected_credentials:
            outcome = register(RegisteredUser(name, secret))
            self.assertFalse(returnStringToBoolean(outcome))
Exemplo n.º 23
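def login(request):
    """Authenticate a POSTed username/password and issue a session token.

    Both fields are passed through ``LoggerLogic.identify_sql_injection``; if
    either is flagged the response carries ``LoggerLogic.MESSAGE_SQL_INJECTION``.
    On success the token is stored in ``Consumer.loggedInUsers`` with the
    user's cart in ``Consumer.loggedInUsersShoppingCart``, and the token is
    returned as the response body. On failure the status text from
    ``UsersLogic.login`` is returned. Non-POST requests fall through and
    return None.
    """
    # Function-scope import: the module's import block is not edited here.
    import secrets

    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')

        event = "LOGIN"
        # A list (not a generator) keeps identify_sql_injection running on
        # every field, as before.
        # NOTE(review): pattern matching is a logging/detection aid; confirm the
        # data layer uses bound parameters for these values.
        verdicts = [
            LoggerLogic.identify_sql_injection(value, event)
            for value in (username, password)
        ]
        if any(verdicts):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        result = UsersLogic.login(RegisteredUser(username, password))
        if result[:7] != 'SUCCESS':
            return HttpResponse(result)

        # The token used to be md5(username): a fixed value that anyone who
        # knows the username can compute, so it proved nothing about the
        # password. Issue an unpredictable token instead; 16 random bytes
        # give 32 hex characters, the same length as the md5 hexdigest.
        # NOTE(review): each login now adds a new entry; confirm logout and
        # cleanup look sessions up by token and do not recompute the hash.
        access_token = secrets.token_hex(16)
        Consumer.loggedInUsers[access_token] = username
        Consumer.loggedInUsersShoppingCart[
            access_token] = ShoppingLogic.get_cart_items(username)
        return HttpResponse(access_token)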
Exemplo n.º 24
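def register(request):
    """Create an account from the POSTed registration form.

    Reads ``username``, ``password``, ``state``, ``age`` and ``sex``. Every
    field is passed through ``LoggerLogic.identify_sql_injection``; if any is
    flagged the response carries ``LoggerLogic.MESSAGE_SQL_INJECTION`` and
    registration is not attempted. Otherwise the response carries whatever
    ``UsersLogic.register_with_user_detail`` returns. Non-POST requests fall
    through and return None.
    """
    if request.method == 'POST':
        form = request.POST
        username = form.get('username')
        password = form.get('password')
        state = form.get('state')
        age = form.get('age')
        sex = form.get('sex')

        event = "REGISTER"
        # Combine the verdicts for all five fields. Each call used to overwrite
        # the flag, so only the last field (sex) could trigger the rejection.
        # A list (not a generator) keeps identify_sql_injection running on
        # every field.
        # NOTE(review): pattern matching is a logging/detection aid; confirm the
        # data layer uses bound parameters for these values.
        verdicts = [
            LoggerLogic.identify_sql_injection(value, event)
            for value in (username, password, state, age, sex)
        ]
        if any(verdicts):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        return HttpResponse(
            UsersLogic.register_with_user_detail(
                RegisteredUser(username, password), state, age, sex))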
Exemplo n.º 25
 def test_bad_get_purchased_history(self):
     """Placeholder for the empty purchase-history case; no history call is made yet."""
     register(RegisteredUser('TomerTomer', '12121212'))
     account = get_user('TomerTomer')
     # Planned steps, not implemented:
     #   do not purchase anything
     #   get purchased history
     #   assertEqual(ans, [])
     # NOTE(review): the assertion below compares the user with itself.
     self.assertEqual(account, account)
Exemplo n.º 26
 def test_bad_user_remove_user(self):
     """Expect ``remove_user`` to fail when the user to remove is None."""
     register(RegisteredUser('YoniYoni', '12112212'))
     existing = get_user('YoniYoni')
     self.assertEqual(existing.username, 'YoniYoni')

     admin_name = 'YoniYonion'
     add_system_manager(SystemManager(admin_name, '123123123'))
     outcome = remove_user(admin_name, None)
     self.assertFalse(returnStringToBoolean(outcome))
Exemplo n.º 27
    def test_no_permission(self):
        """Expect item add and shop messaging to fail for a manager whose flags are all 0."""
        owner, manager = 'ShaharShahar', 'TomerTomerLev'
        UsersLogic.register(RegisteredUser(owner, '12312456'))
        UsersLogic.register(RegisteredUser(manager, '65431221'))
        my_shop = Shop('myShop', 'Active')
        ShopLogic.create_shop(my_shop, owner)
        # All eight trailing StoreManager arguments are 0.
        powerless = StoreManager(manager, 'myShop', 0, 0, 0, 0, 0, 0, 0, 0)
        UsersLogic.add_manager(owner, powerless)

        doll = Item(None, 'myShop', 'doll', 'toys', 'toys;kids', 20, 300,
                    'regular', None, 0, 0, 0)
        self.assertFalse(ItemsLogic.add_item_to_shop(doll, manager))

        note = Message(None, 'myShop', 'ShaharShahar', 'Hi There')
        outcome = MessagingLogic.send_message_from_shop(manager, note)
        self.assertFalse(returnStringToBoolean(outcome))
Exemplo n.º 28
 def test_bad_create_shop(self):
     """Expect the 'name is taken' failure when the same shop is created twice."""
     owner = 'TomerTomer'
     register(RegisteredUser(owner, '1234567878'))
     my_shop = Shop('My Shop', 'Active')
     ShopLogic.create_shop(my_shop, owner)
     found = Shops.search_shop('My Shop')
     self.assertTrue(found.name == 'My Shop')

     # Second attempt with the same name.
     outcome = ShopLogic.create_shop(my_shop, owner)
     self.assertEqual(outcome, 'FAILED: Shop name is taken')
Exemplo n.º 29
 def test_get_purchased_history(self):
     """Placeholder for the purchase-history case; no purchase or history call is made yet."""
     register(RegisteredUser('TomerTomer', '12121212'))
     account = get_user('TomerTomer')
     # Planned steps, not implemented:
     #   add an item to Shopping cart
     #   purchase
     #   get purchased history
     #   assertEqual(ans, [banana item])
     # NOTE(review): the assertion below compares the user with itself.
     self.assertEqual(account, account)
Exemplo n.º 30
 def test_review_on_item_bad(self):
     """Expect no stored reviews on item 1 after the add-item and add-review calls below."""
     reviewer = 'TomerTomer'
     register(RegisteredUser(reviewer, '1234567878'))
     milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
                 None, 0, 0, 0)
     ItemsLogic.add_item_to_shop(milk, 'YoniYoni')
     ItemsLogic.add_review_on_item(ItemReview(reviewer, 1, 'Good', 10))
     stored_reviews = get_all_reviews_on_item(1)
     self.assertEqual(stored_reviews, [])